Beruflich Dokumente
Kultur Dokumente
Global Initiatives
One of the first organizations to
define a code of conduct, and a
standard by which personal
information should be gat hered,
stored, used, disseminated and
destroyed, occurred in 1980.
The Organization for Economic
Co-Operation and Development
(OECD) published a document
entitled, Recommendations of
the
Council
Concerning
Guidelines
Governing
the
Protection of Privacy and
Transborder Flow of Personal
Data,
enunciating
eight
personal information principles
on which almost all legislation
and directives on informational
privacy are based.
Page: 1
Data Quality
Special Categories of
Processing
Information to be Given to the
Data Subject
Rights of Access
Data Subjects Right to Object
Confidentiality and Security of
Processing
Notification
Contents of Notification
Publicizing of Processing
Operations
Judicial Remedies, Liability
and Sanctions
Transfer of Personal Data to
Third Countries
Supervisory Authority
Items_10_Article_May2001.doc
1. Make Someone
Responsible
In Europe that person is called
the Data Controller; in Canada,
the Privacy Compliance Officer;
and in the United States, most
Items_10_Article_May2001.doc
Items_10_Article_May2001.doc
3. Ensure Marketing
Materials Meet
Marketplace Privacy
Expectations
Given the need to inform
customers of what use you will
be making the personal information
you
gather,
and
obtaining their consent, it is
imperative that all customer
information, including market
material, application forms,
brochures, and agreements, in
both hard copy and on your
website
be
reviewed
for
legislative compliance.
Marketing information, including
customer brochures, forms,
applications and other systems
and documents used to collect
personal information, should be
used in accordance with the
entitys informational privacy
policies, and should ensure that
the entity:
Obtains the consent of the
data subject to collect the
information
Identifies the purpose for
which the information is being
collected and how it will be
used
Limits
the
personal
information gathered to that
which is reasonable to accomplish the business objectives of
the purpose for which the information is being collected
Robert G. Parker 2001
Page: 4
direct-marketing
firm
that
wishes to acquire a mailing list
from another organization. In
such cases, the entity providing
the list would be expected to
obtain
consent
before
disclosing personal information.
6. Provide Access to
Personal Information
Data subjects should be provided with an opportunity to
view personal information the
enterprise maintains about
them.
Most comprehensive
informational privacy legislation
requires that, upon request, the
data subject must be informed
of the existence, use, and disclosure of his or her personal
information and must be given
access to that information. A
data subject should be able to
challenge the accuracy and
completeness of the information and have it amended as
appropriate.
This request may be very
difficult to fulfill given the likelihood that personal information
may be maintained in many
organizational units within the
entity. If it cannot be obtained
at a reasonable cost and within
a reasonable period of time, the
entity may request permission
to disclose only that information
that it can reasonably obtain.
It must be remembered that
such disclosure is not a clerical
function. The information must
be carefully reviewed to ensure
that it does not include information that contains references to
other individuals, whereby such
disclosure would violate the
other individuals privacy. Care
must be taken with info rmation
that cannot be disclosed for
legal, security, or commercial
proprietary
reasons.
In
addition, care must be taken
Page: 5
accompanied
with
good
security. Safeguards should be
appropriate to the sensitivity of
the information.
7. Ensure Effective
Security and Safeguards
It is not sufficient to have good
informational privacy polices
and procedures. They must be
Items_10_Article_May2001.doc
However,
the
converse
situation also arises in that personal information that is used
on an ongoing basis, including
information that is disclosed to
third parties, should generally
be accurate and up-to-date,
unless limits to the requirement
for accuracy are clearly set out.
Clearly the accuracy principle
may
require
changes
to
business practices.
Summary
Informational privacy is not a
new concept. It is, however, for
some entities, a new way of
conducting business.
There
will
be
fallout.
Some
businesses that survive by
trading on personal information
may have to change their
modus operandi.
However,
change they must.
As we enter the 21st Century,
we are entering a world with a
new economic order, a global
economy, and reliance on
products and services born
through digital evolution. New
rules of the road are being
written. Privacy is one of them.
In fact, informational privacy
may the price of entry to the
global economy.
Page: 7